AWI Client: View Connection Server + Imprivata OneSign Session Settings

Select the View Connection Server + Imprivata OneSign session connection type from the Configuration > Session page to configure the client to authenticate through the Imprivata OneSign system in addition to a View Connection Server when connecting to a virtual desktop.

Figure 5-27: AWI Session Connection Type – View Connection Server + Imprivata OneSign

Table 5-32: AWI Session Page Parameters

Parameter Description

DNS Name or IP Address

Enter the VMware View Connection Server's DNS name or IP address.

Bootstrap URL Enter the bootstrap URL used to find an initial OneSign server in a OneSign authentication deployment.

Onesign Desktop Name Mode

Select whether the Desktop Name to Select property is used in OneSign Mode:

l Ignore

l Use If Set

Desktop Name to Select Enter the desktop name. When the desktop pool list includes a pool with this name, the client will immediately start a session with that pool.

Note: This field is case-insensitive.

Onesign Appliance Verification

Select the level of verification performed on the certificate presented by the OneSign appliance server:

l No verification: Connect to any appliance

l Full verification: Only connect to appliances with verified certificates

VCS Certificate Check Mode

Select how the client behaves if it cannot verify a secure connection to the View Connection Server:

l Never connect to untrusted servers: Configure the client to reject the connection if a trusted, valid certificate is not installed.

(This is the most secure option.)

l Warn before connecting to untrusted servers: Configure the client to display a warning if an unsigned or expired certificate is encountered, or if the certificate is not self-signed and the zero client trust store is empty. (This option is selected by default.)

l Do not verify server identity certificates: Configure the client to allow all connections. (This option is not secure.)

VCS Certificate Check Mode Lockout

Enable to prevent users from changing the VCS Certificate Check Mode settings from the OSD.

Trusted View Connection Servers

Click the Show button to display VMware View Connection Servers for which the client has received a valid certificate.

Click the Clear button to clear this cache.

Login Username Caching

When enabled, the username text box automatically populates with the last username entered.

Use OSD Logo for View Banner

When enabled, the PCoIP zero client OSD logo appears during login in place of the VMware View banner. You can upload an OSD logo from theOSD Logo Uploadpage.

Parameter Description

Prefer GSC-IS When selected, the GSC-IS interface is used if a smart card supports more than one interface such as CAC (GSC-IS) and PIV endpoint. If a smart card supports only one interface, such as either CAC or PIV endpoint, then only the CAC or PIV endpoint interface is used regardless of this setting. This only affects smart card access performed outside of PCoIP sessions.

Enable Peer Loss Overlay

When enabled, the “Network Connection Lost” overlay appears on the display(s) when a loss of network connectivity is detected. It also appears in the case of a virtual desktop such as VMware View.

Normal hypervisor scheduling delays can falsely trigger this message.

Note: This option is only available for a zero client. Desktop applications that require the peer loss notification should re-enable the feature through the OSD, AWI, or MC.

Enable Preparing Desktop Overlay

When enabled, the "Preparing Desktop" overlay appears on the display(s) when users log in.

Note: This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear.

Enable Session Disconnect Hotkey

When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to pop up the "Zero Client Control Panel" overlay, which lets them disconnect the current session on the workstation or power off the workstation.

Note: Before users can use this disconnect hotkey sequence, certain other configuration options must be in place. SeeDisconnecting from a Sessionfor details.

Session Negotiation Cipher

Configure the Transport Layer Security (TLS) cipher the client will use to negotiate the TLS session between the PCoIP client and the PCoIP host:

l TLS 1.0 with RSA keys and AES-256 or AES-128 encryption:

This option provides maximum compatibility.

l TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption. This option provides a higher level of security.

Enabled Session Ciphers

Enable or disable an encryption mode for the device. By default, all encryption modes that pertain to a device are enabled.

l AES-128-GCM (Tera1 and Tera2): An encryption method implemented in first-generation Tera1 and second-generation Tera2 processors. This method offers the best performance between hardware endpoints for Tera1 devices. AES-128-GCM also may offer improved performance for Tera2 clients when connecting to VMware 4 or later if there is more than about 7 Mbps available on the network.

l AES-256-GCM (Tera2 only): A more secure encryption method implemented in second-generation Tera2 processors that offers the best performance between hardware endpoints. When connecting to VMware 4 or later, AES-128-GCM is recommended.

Parameter Description

l Salsa20-256-Round12 (Tera1 only): A lighter encryption method implemented in firmware that may offer improved performance for Tera1 clients when connecting to VMware View 4 or later if there is more than about 7 Mbps available on the network.

Note: For more information about connecting to VMware View virtual desktops, see "Using PCoIP Zero Clients with VMware View User Guide" (TER0904005).

Note: The enabled encryption mode must match between the host and client for a session to be established. If more than one mode is enabled, the firmware selects the following:

l Host to Tera1 or Tera2 clients: AES-128-GCM or AES-256-GCM for the PCoIP session.

l VMware View 4.5 and later to Tera1 client: SALSA20-256-Round12 for the PCoIP session.

l VMware View 4.5 and later to Tera2 client: AES-128-GCM for the PCoIP session.

Disconnect Message Filter

This field lets you control what type of messages appear when a session is disconnected. There are three categories:

Information: User- or administrator-initiated actions affecting the session:

l You have been disconnected because you logged in from another location or your host was shut down or restarted.

l You have been disconnected because an administrator disconnected you.

l You have been disconnected because you logged in from another location.

l You have been disconnected because you disconnected from your workstation.

Warning: System-initiated, but expected actions affecting the session:

l You have been disconnected because your session timed out.

Error: Unexpected system-initiated actions causing session to fail:

l You have been disconnected.

l Unable to connect (0x1001). Please contact your IT administrator.

l Unable to connect (0x1002). Please contact your IT administrator.

l Session closed remotely.

l Session closed remotely (unknown cause).

l You have been disconnected due to a configuration error (0x100). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x201). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x300). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x301). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x302). Please contact your IT administrator for assistance.

Parameter Description

l You have been disconnected due to a configuration error (0x303). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x305). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x400). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x401). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x402). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x403). Please contact your IT administrator for assistance.

l You have been disconnected due to a configuration error (0x404). Please contact your IT administrator for assistance.

You can choose to display:

1. Show All messages – This option shows all disconnect messages including Info, Warning, and Error messages.

2. Show Error and Warnings Only – This option hides info messages and displays only error and warning messages.

3. Show Error Only – This option hides Info and Warning messages and displays only Error messages.

4. Show None – Don’t show any disconnect messages.